If the -n flag to chkrootkit is used, it's supposed to skip NFS mounted
dirs. Here is the code that gets called when you use it,
tnfs ()
{
## Check if -fstype nfs works
findargs=""
if find /etc -maxdepth 0 >/dev/null 2>&1; then
find /etc ! -fstype nfs -maxdepth 0 >/dev/null 2>&1 && \
findargs="! -fstype nfs "
elif find /etc -prune > /dev/null 2>&1; then
find /etc ! -fstype nfs -prune > /dev/null 2>&1 && \
findargs="! -fstype nfs "
fi
}
This code seems to only be testing /etc to determine if it should exclude
nfs for all finds. While that might be a likely case, I think it's just as
likely someone would mount /usr or /usr/local via nfs. A more general
solution, as well as some comments in that part of the code, would be good.
BTW: The use of -maxdepth as above results in the following warning:
find: warning: you have specified the -maxdepth option after a non-option
argument !, but options are not positional (-maxdepth affects tests
specified before it as well as those specified after it). Please specify
options before other arguments.
The warning is getting sent to /dev/null, but probably good to fix it
anyway so it doesn't trip up people doing QA scans for such things.
Thanks,
--
Matt Taggart
[EMAIL PROTECTED]
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
